## Configuração para mg.partidopirata.org
server {
  listen 80;
  listen [::]:80;
  server_name mg.movimentopirata.org;
  return 301 https://mg.movimentopirata.org$request_uri;
}
server {
  listen 80;
  listen [::]:80;
  server_name *.mg.movimentopirata.org;
  return 301 http://mg.movimentopirata.org$request_uri;
}

## SSL
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  resolver 208.67.220.220 208.67.222.222 valid=300s;
  resolver_timeout 5s;
  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
  add_header X-Frame-Options SAMEORIGIN;
  add_header X-Content-Type-Options nosniff;
  ssl_certificate /etc/letsencrypt/live/partidopirata.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/partidopirata.org/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/partidopirata.org/chain.pem;

  server_name mg.partidopirata.org;

  root /var/www/www/wp/mg.movimentopirata.xyz/;

  index index.php;
  # Global restrictions configuration file.
  # Designed to be included in any server {} block.
  location /favicon.ico {
    log_not_found off;
    access_log off;
  }

  location /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~ /\. {
    deny all;
  }

  # Deny access to any files with a .php extension in the uploads directory
  # Works in sub-directory installs and also in multisite network
  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
  location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
  }

  # WordPress single site rules.
  # Designed to be included in any server {} block.

  # This order might seem weird - this is attempted to match last if rules below fail.
  # http://wiki.nginx.org/HttpCoreModule
  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Add trailing slash to */wp-admin requests.
  rewrite /wp-admin$ $scheme://$host$uri/ permanent;

  # Directives to send expires headers and turn off 404 error logging.
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires max;
  }

  # Uncomment one of the lines below for the appropriate caching plugin (if used).
  #include global/wordpress-wp-super-cache.conf;
  #include global/wordpress-w3-total-cache.conf;

  # Pass all .php files onto a php-fpm/php-fcgi server.
#  location ~ [^/]\.php(/|$) {
#    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#    if (!-f $document_root$fastcgi_script_name) {
#      return 404;
#    }
#    # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)

#    #include fastcgi_params;
#    fastcgi_index index.php;
#    #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#    # fastcgi_intercept_errors on;
#    #fastcgi_pass php;
#    include /etc/nginx/fastcgi_params;
#    fastcgi_param PATH_INFO $fastcgi_script_name;
#    fastcgi_param SCRIPT_NAME "";
#    fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
#  }
  location / {
    proxy_pass http://entwickler;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}

## Tor
#server {
#  listen 127.0.0.1:42911;
#  allow 127.0.0.1;
#  deny all;
#
#  add_header X-Frame-Options SAMEORIGIN;
#  add_header X-Content-Type-Options nosniff;
#
#  server_name mg4hkdeljcl6n4pl.onion;
#
#  root /var/www/www/wp/mg.movimentopirata.xyz/;
#
#  index index.php;
#  # Global restrictions configuration file.
#  # Designed to be included in any server {} block.
#  location /favicon.ico {
#    log_not_found off;
#    access_log off;
#  }
#
#  location /robots.txt {
#    allow all;
#    log_not_found off;
#    access_log off;
#  }
#
#  # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
#  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
#  location ~ /\. {
#    deny all;
#  }
#
#  # Deny access to any files with a .php extension in the uploads directory
#  # Works in sub-directory installs and also in multisite network
#  # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban)
#  location ~* /(?:uploads|files)/.*\.php$ {
#    deny all;
#  }
#
#  # WordPress single site rules.
#  # Designed to be included in any server {} block.
#
#  # This order might seem weird - this is attempted to match last if rules below fail.
#  # http://wiki.nginx.org/HttpCoreModule
#  location / {
#    try_files $uri $uri/ /index.php?$args;
#  }
#
#  # Add trailing slash to */wp-admin requests.
#  rewrite /wp-admin$ $scheme://$host$uri/ permanent;
#
#  # Directives to send expires headers and turn off 404 error logging.
#  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
#         access_log off; log_not_found off; expires max;
#  }
#
#  # Uncomment one of the lines below for the appropriate caching plugin (if used).
#  #include global/wordpress-wp-super-cache.conf;
#  #include global/wordpress-w3-total-cache.conf;
#
#  # Pass all .php files onto a php-fpm/php-fcgi server.
#  location ~ [^/]\.php(/|$) {
#    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
#    if (!-f $document_root$fastcgi_script_name) {
#      return 404;
#    }
#    # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
#
#    #include fastcgi_params;
#    fastcgi_index index.php;
#    #fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#    # fastcgi_intercept_errors on;
#    #fastcgi_pass php;
#    include /etc/nginx/fastcgi_params;
#    fastcgi_param PATH_INFO $fastcgi_script_name;
#    fastcgi_param SCRIPT_NAME "";
#    fastcgi_pass unix:/var/run/php5-fpm-mgmovimentopirata.sock;
#  }
#}

